Spam Settings Explained

Created by Jason Carreiro, Modified on Thu, 15 Apr, 2021 at 11:56 AM by Jason Carreiro


Situation:

Administrators have switched to Proofpoint and would like to understand how our Spam Settings work and what they mean. Administrators are also receiving reports that too much spam is getting through.


Solutions:


Spam settings can be adjusted from the Spam tab under Company Settings. Most of these same settings can also be set from the Spam tab under each individual User (or Functional Account). The spam engine's behavior is based on each individual user's spam settings. The settings under Company Settings > Spam are used as the default for any new user(s) created.


Customize Spam Filtering:

  • Some users might need different spam filter levels or options set. End Users (and admins) can manage their own filter settings.
  • Silent Users also have personal customization settings, which must be set and managed by an admin because Silent Users don't have access to log in and manage their own settings.
  • Most users probably want all categories of spam filtered aggressively. Your Sales team, however, might want lenient filtering of commercial offers so potential leads aren’t wrongly identified as spam.
  • You might adjust the spam settings of the functional account '[email protected]' so the spam sensitivity slider is set to a less aggressive trigger point, or you might disable Quarantine bulk mail for the purchasing team.

Spam Settings:

Spam Sensitivity (Slider)

This feature has a wide range of settings (2 - 22) intended to meet the needs of all users. You can manage each user's spam trigger threshold by moving this slider to a trigger level closer to their needs. The range includes:

  • Very Strict: 2 - 3
  • Strict: 4 - 5
  • Standard: 6 - 8
  • Loose: 9 - 14
  • Very Loose: 15 - 22

Within each of these ranges, the trigger level can be fine-tuned in small increments, which is needed to detect and manage modern, sophisticated botnets. Spam sliders and trigger-level adjustments are available per user and per organization. The lower the trigger level, the more spam is stopped. The higher the trigger level, the less spam is stopped.


Quarantine Release Policy:


This setting allows the admin to determine who will have the ability to release messages from quarantine.

  • User can release - each user can release their own messages from the quarantine using any of the available means. (See Releasing emails from Quarantine).
  • Admin release only - users will be able to preview quarantined messages, but only an admin will be able to release the message from quarantine. If a user tries to release a message from their quarantine digest report, they will get the message "Email cannot be released without admin privileges, please contact your administrator."


QUARANTINE EMAIL SUSPECTED OF BEING PHISH:


Emails will be more likely to be quarantined if they are scanned and identified as “phishing” based on additional factors, including your spam sensitivity level.

  • When an inbound email arrives, we scan and score it. Part of the score is based on whether or not our engine identifies the message as a phishing attempt. If the message is identified as "phishing", points are added to the total score.
  • If this option is selected, more points are added to the total score, making it more likely that the message will be quarantined.
  • If this option is unchecked, points are still added, but not as many, so the message would likely need additional factors to add enough points to exceed the threshold to be quarantined.
  • If the total score is above your sensitivity setting, it will be quarantined. If the total score is below your sensitivity setting, it will still not be quarantined - even though you have this option checked.

REQUIRE ADMIN TO RELEASE PHISH EMAILS:


  • This works like the Quarantine release policy described above. If this is set to "Yes", any message that is identified as a phishing attempt cannot be released by an End User or Silent User. If they attempt to release a phishing message from quarantine, they will receive the error described above and be directed to contact their admin to release the message.
  • If this is set to "No", phishing messages will be treated like any other quarantined message and can be released by the user.

If the Quarantine release policy is set to Admin release only, this option is grayed out since it becomes irrelevant. If EVERY quarantined message requires admin privileges to release, then of course the same would apply to phishing messages.

QUARANTINE BULK EMAIL:


Quarantine bulk email scores emails that are scanned and identified as Confirmed Bulk Email, based on numerous factors combined with your spam sensitivity level.

  • When an inbound email arrives and the spam setting Quarantine bulk email is checked, we scan the email and add additional bulk factors to it if it is found to be bulk email.
  • Depending on your Spam Sensitivity trigger level, if the email is Confirmed Bulk Email, this will add factors to the Proofpoint MLX scoring.
    • If the overall result is over your trigger level, it will be quarantined.
    • If the overall result is below your trigger level, it will not be quarantined.

Bulk email and spam sensitivity level

Please note that we adhere to the spam sensitivity level. Some items can cause a message to score lower than expected, so that it is not quarantined as bulk.

We do NOT auto-quarantine an email that scores high for bulk if other factors lower its overall score.


Spam Stamp & Forward:


Most users want their spam filters on. But they might want to forward spam through to Customer Support for further analysis. To allow potential spam to get through, you could choose to enable Spam stamp & forward for the email addresses used by Customer Support.

The following settings are available:

  • No - (Default Setting) Quarantine spam email. Deliver all others.
  • All - Deliver all messages, but stamp spam email with the subject tag below.
  • Partial - Deliver non-spam email normally. Quarantine very spammy email. Deliver moderately spammy email stamped with the subject tag below.
  • For more detail, see Spam stamp & forward settings

False Negative issues

Please note that when the stamp & forward feature is on, support cannot assist with false negative reports. Support's directive will be to turn this feature off.

SPAM STAMP & FORWARD SUBJECT TAG:


This is the actual text that will be added to the beginning of the subject line of emails classified as spam if Spam stamp & forward is enabled. The default setting is ***Spam***, but this can be changed based on your preference.


Include An Easy-Spam-Reporting Disclaimer In Passed Email:


This option allows your users to report received messages as spam directly from the email message itself.

You can set this option by checking the box as described here.


Inbound Domain Spoofing Protection:


This option can protect your users from spammers who attempt to spoof your own domain to make messages appear as if they came from one of their co-workers.

Domain protection only

This feature auto-quarantines inbound emails whose FROM or SENDER fields include your company domain(s).

Inbound Sender DNS Check: (Disable At Own Risk)

Please review this article for a more detailed explanation. When enabled, the Inbound sender DNS check provides an additional validation on the domain of the sender on inbound email. The validation includes:

  1. Sender Domain MX Records

    • A message will be rejected if the MAIL FROM domain has:
      • No DNS A or MX record, or
      • A malformed MX record such as a record with a zero-length MX hostname
  2. Sender Domain MX Records that point to private / reserved IP ranges
    • This signals a severe DNS misconfiguration and as a result we would reject the message.
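
The two validations listed above, sketched as an added example (not Proofpoint's code) that an administrator could adapt to pre-check a partner domain whose mail is being rejected. The DNS answers are constructed sample data, and the set of private / reserved ranges is an assumption, since the article does not list them.

```python
import ipaddress

# Assumption: the article does not list the ranges it treats as
# "private / reserved"; this set covers the common non-routable blocks.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "240.0.0.0/4",
    "::1/128", "fc00::/7", "fe80::/10",
)]

def check_sender_domain(records):
    """Return (accepted, reason) for one MAIL FROM domain.

    records is a constructed stand-in for DNS answers:
      {"A": [ip, ...], "MX": [(pref, host), ...], "MX_A": {host: [ip, ...]}}
    """
    a_records = records.get("A", [])
    mx_records = records.get("MX", [])
    # Check 1a: the domain must publish at least an A or an MX record.
    if not a_records and not mx_records:
        return False, "no A or MX record"
    for _pref, host in mx_records:
        # Check 1b: an MX whose hostname is empty (or just the root dot).
        if host.strip().rstrip(".") == "":
            return False, "malformed MX (zero-length hostname)"
        # Check 2: every address behind the MX must be publicly routable.
        for ip in records.get("MX_A", {}).get(host, []):
            addr = ipaddress.ip_address(ip)
            if any(addr in net for net in NON_ROUTABLE):
                return False, f"MX {host} resolves to private/reserved {ip}"
    return True, "ok"

# Constructed sample answers; 203.0.113.0/24 is a documentation range
# standing in for a public address.
SAMPLES = {
    "good.example": {"A": ["203.0.113.10"], "MX": [(10, "mail.good.example.")],
                     "MX_A": {"mail.good.example.": ["203.0.113.25"]}},
    "a-only.example": {"A": ["203.0.113.11"]},
    "nodns.example": {},
    "emptymx.example": {"A": ["203.0.113.12"], "MX": [(0, ".")]},
    "internal.example": {"MX": [(10, "mx.internal.example.")],
                         "MX_A": {"mx.internal.example.": ["10.1.2.3"]}},
}

def audit(samples=SAMPLES):
    """Map each sample domain to its (accepted, reason) verdict."""
    return {domain: check_sender_domain(r) for domain, r in samples.items()}

if __name__ == "__main__":
    for domain, (ok, reason) in audit().items():
        print(f"{domain:18} {'accept' if ok else 'reject'}  {reason}")
```

A domain with only an A record passes the first check, because the article rejects only when both A and MX are missing.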

Update spam detection settings above for all existing user accounts

This checkbox, found next to the Save button, is extremely important. It pushes the above settings to all users, regardless of the personal settings they currently have. Without checking this box, any changes you make in the Company Spam Settings will only apply to new users created after these changes are made. To apply your changes to existing users, you must check this box before saving.